
luriep
Polycom Employee

If you've deployed Polycom RealPresence Resource Manager (RPRM), including Polycom RealPresence Video DualManager 400 (VDM), then please take a moment and read Security Bulletin 5471: Security Advisory Relating to JBoss Application Server on RealPresence Resou....

 

The underlying issue is that the internal JBoss Application Server is vulnerable to remote command execution via the ‘HTTP Invoker’ service that provides Remote Method Invocation (RMI over HTTP). Access to the URLs ‘/invoker/EJBInvokerServlet’ or ‘/invoker/JMXInvokerServlet’ with detached invoker operation via an HTTP POST request can be used to deploy a malicious remote Web Application Archive.

 

What does this mean? If you use RPRM version 7.x up through and including the just-released 8.1.0, then please read the security bulletin and contact Polycom Support for a patch.

 

In general, all security bulletins are available at the Polycom Security Center. They are also available via RSS Feed.
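
A log check for the two URLs named in the post, added here as an example and not part of the original post or of Polycom's bulletin: it flags requests to the HTTP Invoker servlets in a web access log, including encoded or padded forms of the path. The common/combined log format, the verdict labels and the sample lines are assumptions made for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# The two HTTP Invoker paths named in the post above (lower-cased for matching).
INVOKER_PATHS = ("/invoker/ejbinvokerservlet", "/invoker/jmxinvokerservlet")

# Common/combined access log format (assumed): client - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def canonical_path(target):
    """Normalise a request target so encoded, padded or parameterised paths still match."""
    path = re.split(r"[?#]", target, maxsplit=1)[0]      # drop query string / fragment
    for _ in range(2):                                   # up to two layers of %-encoding
        path = unquote(path)
    path = re.sub(r";[^/]*", "", path)                   # ;jsessionid-style path parameters
    return normpath("/" + path.lstrip("/")).lower()      # collapse //, /./ and /../

def classify(line):
    """Return (client, method, path, verdict) for invoker traffic (sub-paths included), else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = canonical_path(m["target"])
    if not any(path == p or path.startswith(p + "/") for p in INVOKER_PATHS):
        return None
    if m["method"] != "POST":
        verdict = "probe"          # endpoint touched, but not with the method the post names
    elif m["status"] in ("401", "403", "404"):
        verdict = "post-denied"    # POST arrived but was refused, or the path is not served
    else:
        verdict = "post-reached"   # POST was handled by the servlet: investigate this host
    return (m["client"], m["method"], path, verdict)

# Constructed sample lines (documentation IP ranges), not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2014:10:00:05 +0000] "HEAD /invoker/JMXInvokerServlet HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2014:10:00:09 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 3410',
    '203.0.113.44 - - [01/Jan/2014:10:02:00 +0000] "POST /invoker//%45JBInvokerServlet;x=1?a=b HTTP/1.1" 500 120',
    '203.0.113.44 - - [01/Jan/2014:10:03:00 +0000] "POST /invoker/EJBInvokerServlet HTTP/1.1" 403 0',
]

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Matching is deliberately case-insensitive and includes sub-paths, so it may over-report; a "post-reached" hit on an unpatched RPRM system is the case to follow up with Polycom Support.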